Who we are

The website https://heartiquotient.com/ (hereafter: the “Site”) is offered by:

PrismWork, Inc. (hereafter “PrismWork”)

E-mail us: hello@prismwork.com

Feel free to contact us should you have any privacy-related questions. We promise to reply soon!

Why this Privacy Policy?

This privacy policy (“Privacy Policy”) aims to inform you about how we use personal data collected via the Site. Please read this Privacy Policy before using the Site or submitting any personal data. This Privacy Policy is an agreement between PrismWork and its Users.

Every person who visits the Site and/or takes the HEARTI Quotient assessment (hereafter the “User” or “you”) discloses a certain amount of personal data. The personal data is information which allows PrismWork to identify you as a natural person, regardless of whether we actually do this. You are identifiable as soon as it is possible to create a direct or indirect link between one or more data points and you as a natural person.

PrismWork is committed to the protection of the privacy of its Users, regardless of where they are situated globally. We only use and process your personal data in accordance with the GDPR. The GDPR is short for the Regulation (EU) of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation). This European regulation provides the highest level of privacy protection in the world. That is why we apply this high standard to all Users.

Through this Privacy Policy, every User of the Site is informed of the processing activities PrismWork may carry out with his or her personal data. PrismWork reserves the right to modify this Privacy Policy at all times. If we make any material changes to this Privacy Policy, we will notify you by posting the new version of the Privacy Policy on the Site and/or by sending each User a courtesy email. It is your responsibility to check the Site for updates to this Privacy Policy.

Links to other websites

Our Site may contain or provide hyperlinks or point to other websites and/or electronic communication portals maintained by third parties or may provide third party content on our Site by framing or other methods. Such a reference being made on our Site does not mean that there is any connection between our Site and these third-party websites nor that we (implicitly) agree with the content on those sites.

We do not guarantee or assume any liability for the accuracy, legality, completeness or quality of the content of third-party websites linked to on our Site or of other electronic communications portals that are not under our actual control. These references are therefore to click at your own risk and responsibility. We are not liable for any damage resulting therefrom.

These external websites may not offer the same guarantees as our Site. If you click on a link on this Site that leads to a foreign website and leaves your personal data on such a website, the processing of that personal data is not subject to this privacy policy, but to the privacy policy, if any, of the operator of that third-party website. We therefore recommend you to carefully read the terms and conditions and privacy statement of these other websites.

Who is responsible for the processing of personal data?

Controller

PrismWork is responsible for the processing of the personal data of the Users. PrismWork decides alone or in cooperation with others which personal data are being collected as well as the purposes and the technical and organizational means with regard to the processing of those personal data.

PrismWork has taken appropriate technical and organizational measures to protect the personal data of its Users. PrismWork uses a variety of adequate security technologies and procedures to help protect your personal information from unauthorized access, use or disclosure. PrismWork secures the personally identifiable information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When financial information (such as a credit card number) is transmitted to the payment gateway, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.

Processor(s)

PrismWork is free to rely on data processors. A processor is the natural or legal person who processes the personal data of the Users upon request and on behalf of the data controller. The processor is required to ensure the security and confidentiality of the data. The processor shall always act on the instructions of the data controller.

PrismWork relies on the following categories of “processors”:

• Companies we have engaged for hosting purposes (e.g. Amazon AWS, SurveyAnyplace);

• Companies we have engaged for communication purposes (e.g. Google);

• Companies we have engaged for administrative and billing purposes (e.g. Stripe);

Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Payment:

If you make a purchase on our site, we use a third party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

On what legal grounds is my data processed?

In accordance with the GDPR we process personal data on the following legal grounds:

• On the basis of the execution of the contract agreed upon with you or the execution of pre-contractual steps taken at your request; or

• On the basis of compliance with legal or regulatory provisions with regard to the management of the contractual relationship, invoicing in particular;

• On the basis of our legitimate interest in sending information and newsletters to our customers;

• On the basis of your consent to send personalized marketing messages.

What personal data is being processed? 

PrismWork commits to only collect and process data that are adequate, relevant and limited to what is necessary for the purposes for which they are processed. The following categories of personal data are processed by PrismWork:

• Personal identification data (first name, last name, email address);

• Contact details (email address);

• Assessment input data (User responses to assessment questions);

• Financial identification data (credit card details);

• Electronic identification data (IP address, cookies); 

This data is collected at the time of your submission on the Site and when you use our services. Other personal data may be collected later, e.g. in the context of our after-sales. These data are necessary for the provision of PrismWork services. The amount of personal data collected depends on your use of the Site and the functionalities of the Site.

We also use cookies!

We also use cookies in order to recognise the User and to offer the returning User a personalised user experience, to remember technical choices, and to detect and correct any errors which might be present on the Site.

You remain free not to accept our cookies. For more information concerning the use of cookies, we kindly refer you to our Cookie Statement.

For which purposes are my personal data being used?

The processing of your personal data is essential for the proper functioning of the Site and the provision of associated services. PrismWork commits to solely process your personal data for the following purposes:

• Customer management: customer administration, billing management, support, complaint monitoring and sending assessment reports.

• Dispute management.

• Protection against fraud and infringements.

• For product development, general advertising, and marketing purposes (including audit, data analysis and research). PrismWork may share demographic and other general information about You and other Users on an aggregate basis.

• Personalized marketing communication if you have expressly agreed to it. In that case, you are free to withdraw your consent at any time.

When visiting our Site, some data are being collected for statistical purposes. Such data is necessary to optimize your user experience. These data are: IP-address, probable location of consultation, hour and day of the consultation, duration of the consultation and the pages which are being consulted. When you visit the Site, you explicitly agree to this collection of data for statistical purposes.

The User provides the personal data to PrismWork himself and can therefore exercise some kind of control. When certain data is incomplete or apparently incorrect, PrismWork has the right to postpone some expected actions temporarily or permanently.

Who receives your personal data?

Your personal data are processed for internal use within PrismWork only. Your personal data will not be sold, passed on or communicated to any third parties, except in case you have given us your explicit prior consent.

If required to do so by law, regulation or under a good faith belief that action is necessary to conform to or comply with the law and legal process, to protect and defend PrismWork rights and/or property and customers, whether or not required to do so by law, PrismWork reserves the right to contact appropriate authorities and disclose personal data at its discretion when it appears that individuals are using the Site or services for illegal or infringing activities that otherwise violate the PrismWork Privacy Policy.

We reserve the right to transfer and process your personal data on servers outside your country. However, we will always do so in accordance with this Privacy Policy and the applicable laws.

In relation to a merger or acquisition by another company, or if the business unit providing Your service were sold to another company, personal data may be transferred to and used by the resulting combined company. If PrismWork were to cease operations, this personal data might be transferred to and used by another company, which offers similar or related products or services.

How long do we store your personal data?

Your data is stored as long as necessary to achieve the ends pursued. They will be erased from our database as soon as they are no longer necessary for the ends pursued or if you validly exercise your right to erasure.

What are my rights?

Guarantee of a legitimate and secure process of your personal data

Your personal data are always processed for the legitimate purposes explained in the sections above. They are collected and processed in an appropriate, relevant and non-excessive manner, and are not kept longer than necessary to achieve the intended purposes.

Right to access

If you can prove your identity, you have the right to obtain information about the processing of your data. Thus, you have the right to know the purposes of the processing, the categories of data concerned, the categories of recipients to whom the data are transmitted, the criteria used to determine the data retention period, and the rights that you can exercise on your data.

Right to rectification of your personal data

Inaccurate or incomplete personal data may be corrected. You can request that PrismWork update your personal data by emailing hello@prismwork.com.

Right to erasure (or “right to be forgotten”)

You also have the right to obtain the erasure of your personal data under the following assumptions:

• Your personal data are no longer necessary for the intended purposes;

• You withdraw your consent to the processing and there is no other legal ground for processing;

• You have validly exercised your right of opposition;

• Your data has been illegally processed;

• Your data must be deleted to comply with a legal obligation.

The deletion of data is mainly related to visibility; it is possible that the deleted data are still temporarily stored.

Right to limitation of processing

In certain cases, you have the right to request the limitation of the processing of your personal data, especially in case of dispute as to the accuracy of the data, if the data are necessary in the context of legal proceedings or the time required to PrismWork to verify that you can validly exercise your right to erasure.

Right to object

You have the right to object at any time to the processing of your personal data for direct marketing purposes. PrismWork will stop processing your personal data unless it can demonstrate that there are compelling legitimate reasons for the processing which prevail over your right to object.

Right to withdraw your consent

You may withdraw your consent to the processing of your personal data at any time, for example for personalized marketing communication purposes.

How to exercise your rights?

If you wish to exercise your rights, you must send a request and proof of identity by email to hello@prismwork.com.

We promise to respond as soon as possible, and no later than one (1) week after receipt of your request.

Age of consent

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence.

Court of competent jurisdiction

In the event of any dispute regarding the execution or interpretation of this Privacy Policy, PrismWork will do everything in its power to find an amicable solution. In the absence of an amicable solution, all disputes relating to or arising from the processing of personal data by PrismWork will be submitted to the exclusive jurisdiction of the State of California.